exploitDog

CVE-2020-23922

Published: 22 Apr 2021
Source: redhat
CVSS3: 5.5
EPSS: Low

Description

An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read.

A flaw was found in giflib. A missing check in function DumpScreen2RGB in gif2rgb.c leads to an out-of-bounds read, allowing an attacker to crash the gif2rgb tool. The issue is not in the giflib library, but in the gif2rgb utility program.

Report

This issue did not affect the versions of giflib as shipped with Red Hat Enterprise Linux 8 as they did not include the gif2rgb tool.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat Enterprise Linux 6 | giflib | Out of support scope | | |
| Red Hat Enterprise Linux 7 | giflib | Out of support scope | | |
| Red Hat Enterprise Linux 8 | giflib | Not affected | | |
| Red Hat Enterprise Linux 9 | giflib | Affected | | |

Additional information

Status: Low
Defect: CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=1953004 giflib: out-of-bounds read in DumpScreen2RGB() in gif2rgb.c in gif2rgb tool

EPSS: 0.03785 (percentile: 88%, Low)

CVSS3: 5.5 Medium

Related vulnerabilities

CVSS3: 7.1
ubuntu
almost 5 years ago

An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read.

CVSS3: 7.1
nvd
almost 5 years ago

An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read.

CVSS3: 7.1
debian
almost 5 years ago

An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif ...

CVSS3: 7.1
github
more than 3 years ago

An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read.
